config

package
v0.5.3 Latest
Warning

This package is not in the latest version of its module.

Published: Jun 1, 2022 License: Apache-2.0 Imports: 5 Imported by: 1

Documentation


Constants

const (
	ServiceProviderTypeGitHub ServiceProviderType = "GitHub"
	ServiceProviderTypeQuay   ServiceProviderType = "Quay"
	DefaultVaultHost          string              = "http://spi-vault:8200"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Configuration

type Configuration struct {
	// ServiceProviders is the list of configuration options for the individual service providers
	ServiceProviders []ServiceProviderConfiguration

	// BaseUrl is the URL on which the OAuth service is deployed. It is used to compose the redirect URLs for the
	// service providers in the form of `${BASE_URL}/${SP_TYPE}/callback` (e.g. my-host/github/callback).
	BaseUrl string

	// KubernetesAuthAudiences is the list of audiences used when performing the token reviews with the Kubernetes API.
	// Can be left empty if not needed.
	KubernetesAuthAudiences []string

	// SharedSecret is the secret value used for signing the JWT keys used as OAuth state.
	SharedSecret []byte

	// TokenLookupCacheTtl is the time for which the lookup cache results are considered valid
	TokenLookupCacheTtl time.Duration

	// VaultHost is the URL of the Vault storage.
	VaultHost string

	// ServiceAccountTokenFilePath is the path to the file with the service account token. It is used for Vault
	// Kubernetes auth. It does not need to be set when running in a pod, but can be useful when running outside
	// one, e.g. for local development. It is set with the `SA_TOKEN_PATH` environment variable.
	ServiceAccountTokenFilePath string

	// AccessCheckTtl is the time after which the SPIAccessCheck CR will be deleted.
	AccessCheckTtl time.Duration
}

Configuration contains the specification of the known service providers as well as other configuration data shared between the SPI OAuth service and the SPI operator.

func LoadFrom

func LoadFrom(configFile string) (Configuration, error)

type PersistedConfiguration

type PersistedConfiguration struct {
	// ServiceProviders is the list of configuration options for the individual service providers
	ServiceProviders []ServiceProviderConfiguration `yaml:"serviceProviders"`

	// KubernetesAuthAudiences is the list of audiences used when performing the token reviews with the Kubernetes API.
	// Can be left empty if not needed.
	KubernetesAuthAudiences []string `yaml:"kubernetesAuthAudiences,omitempty"`

	// SharedSecret is the secret value used for signing the JWT keys.
	SharedSecret string `yaml:"sharedSecret"`

	// BaseUrl is the URL on which the OAuth service is deployed.
	BaseUrl string `yaml:"baseUrl"`

	// TokenLookupCacheTtl is the time for which the token lookup results are considered valid. This string expresses
	// the duration as a string accepted by the time.ParseDuration function (e.g. "5m", "1h30m", "5s", etc.). The
	// default is 1h (1 hour).
	TokenLookupCacheTtl string `yaml:"tokenLookupCacheTtl"`

	// VaultHost is the URL of the Vault storage. The default is `http://spi-vault:8200`, which is the default SPI
	// Vault service name for Kubernetes deployments.
	VaultHost string `yaml:"vaultHost"`

	// AccessCheckTtl is the time after which the SPIAccessCheck CR will be deleted by the operator. This string
	// expresses the duration as a string accepted by the time.ParseDuration function (e.g. "5m", "1h30m", "5s",
	// etc.). The default is 30m (30 minutes).
	AccessCheckTtl string `yaml:"accessCheckTtl"`
}

PersistedConfiguration is the on-disk format of the configuration that references other files for shared secret and the used kube config. It can be Inflate-d into a Configuration that has these files loaded in memory for easier consumption.

type ServiceProviderConfiguration

type ServiceProviderConfiguration struct {
	// ClientId is the client ID of the OAuth application that the SPI uses to access the service provider.
	ClientId string `yaml:"clientId"`

	// ClientSecret is the client secret of the OAuth application that the SPI uses to access the service provider.
	ClientSecret string `yaml:"clientSecret"`

	// ServiceProviderType is the type of the service provider. This must be one of the supported values: GitHub, Quay
	ServiceProviderType ServiceProviderType `yaml:"type"`

	// ServiceProviderBaseUrl is the base URL of the service provider. This can be omitted for certain service provider
	// types, like GitHub, which can only have one well-known base URL.
	ServiceProviderBaseUrl string `yaml:"baseUrl,omitempty"`

	// Extra is the extra configuration required for some service providers to be able to uniquely identify them. E.g.
	// for Quay, we need to know the organization for which the OAuth application is defined.
	Extra map[string]string `yaml:"extra,omitempty"`
}

ServiceProviderConfiguration contains configuration for a single service provider configured with the SPI. This mainly contains config.yaml of the OAuth application within the service provider.

type ServiceProviderType

type ServiceProviderType string
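
A pre-deployment check over the settings documented above, as an added example that is not code from this package. Persisted, SP and Audit are hypothetical local names that mirror the documented fields; the 32-byte minimum for the shared secret and the https requirement for baseUrl and vaultHost are assumptions of this example, and the sample values are constructed.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
	"time"
)

// Local mirrors of the fields documented on this page, not the package's own types.
type SP struct{ ClientId, ClientSecret, Type string }
type Persisted struct {
	ServiceProviders                                                      []SP
	SharedSecret, BaseUrl, VaultHost, TokenLookupCacheTtl, AccessCheckTtl string
}

// Audit returns the callback URLs to register with each provider, plus findings.
func Audit(p Persisted) (callbacks, findings []string) {
	add := func(f string, a ...interface{}) { findings = append(findings, fmt.Sprintf(f, a...)) }
	for _, t := range [][2]string{{"tokenLookupCacheTtl", p.TokenLookupCacheTtl}, {"accessCheckTtl", p.AccessCheckTtl}} {
		// An empty value means the documented default (1h / 30m) applies.
		if d, err := time.ParseDuration(t[1]); t[1] != "" && (err != nil || d <= 0) {
			add("%s: %q is not a positive duration", t[0], t[1])
		}
	}
	if len(p.SharedSecret) < 32 { // assumed minimum; the page states no length requirement
		add("sharedSecret: shorter than 32 bytes")
	}
	if p.VaultHost == "" {
		p.VaultHost = "http://spi-vault:8200" // DefaultVaultHost applies when unset
	}
	for _, e := range [][2]string{{"baseUrl", p.BaseUrl}, {"vaultHost", p.VaultHost}} {
		if u, err := url.Parse(e[1]); err != nil || u.Scheme != "https" || u.Host == "" {
			add("%s: %q is not an https URL", e[0], e[1])
		}
	}
	for i, sp := range p.ServiceProviders {
		if (sp.Type != "GitHub" && sp.Type != "Quay") || sp.ClientId == "" || sp.ClientSecret == "" {
			add("serviceProviders[%d]: unsupported type %q or missing client credentials", i, sp.Type)
			continue
		} // ${BASE_URL}/${SP_TYPE}/callback, type lower-cased as in the page's example
		callbacks = append(callbacks, strings.TrimRight(p.BaseUrl, "/")+"/"+strings.ToLower(sp.Type)+"/callback")
	}
	return callbacks, findings
}

func main() { // constructed sample with placeholder values
	sp := []SP{{ClientId: "id", ClientSecret: "placeholder", Type: "GitHub"}}
	fmt.Println(Audit(Persisted{BaseUrl: "https://spi.example.test", SharedSecret: "changeme", ServiceProviders: sp}))
}
```

Leaving vaultHost unset yields a finding here because the documented default is a plain http URL.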
